Company Description SSENSE (pronounced [es-uhns]) is a global technology platform operating at the intersection of culture, community, and commerce. Headquartered in Montreal, it features a mix of established and emerging luxury brands across womenswear, menswear, kidswear, and Everything Else. SSENSE has garnered critical acclaim as both an e-commerce engine and a producer of cultural content, generating an average of 100 million monthly page views. Approximately 80% of its audience is between the ages of 18 to 40. It is privately held and has achieved high double digit annual growth and profitability since its inception.
Responsibilities Information Security Strategy (20%)
Define and own the information security operations roadmap at SSENSE across all technology, and work with the CISO to ensure congruence and support with the overall Information Security Roadmap and business objectives and desired risk posture.
Develop and manage the budget for delivery of the information security operations service and identify opportunities for synergies and efficiencies in line with other functions in the organisation
Establish and track Security Key Performance Indicators (KPIs) including tracking of ROI for security investments.
Information Security Operations (40%)
Partner with the IT team and other internal teams to ensure the effective design and operations of the information security operations service for SSENSE
Lead, manage, and motivate a team of professionals both in-house and through a MSSP to ensure success of the Security Operations function
Lead vulnerability management, incident response, threat intelligence, event management, and SOC operations utilizing various controls and systems
Plan, direct, and manage day-to-day activities across the Cyber Security Operations team including, but not limited to:
Analyze and evaluate network, system, and security alerts to include determining scope, urgency, and potential impact
Develop and implement security standards and procedures for security operations
implement, mature and lead the incident response program, including documentation, planning, incident coordination, forensics, threat intelligence, and internal and external incident response functions
Implement, mature and lead the vulnerability management program
Coordinate vulnerability research activities with the IT team
Establish and coordinate proactive incident response planning through table top exercises
Oversee all enterprise-wide incident reporting, including review for compliance with established standards and appropriate follow up activities
Reinforce industry best practices in incident response, cybersecurity analysis, and knowledge management
Lead response to security incidents, ensuring alignment with IR plan and all stakeholder requirements
Review reports on incidents and breaches and provide executive summaries to senior IT leadership
Manage technical security infrastructure to include security tools such as endpoint protection, log management, intrusion detection, and multi-factor authentication
Outsource Management (20%)
Implement a Co-Managed SIEM leveraging both internal and third-party resources and integrate relevant event data sources across the enterprise
Manage the Security Operations Center function delivered through a MSSP
Establish and manage objectives and performance, including establishing service level objectives and tracking overseeing metrics
Work with the outsourced service providers to achieve desired outcomes and addressing and supporting resolution of identified security risks
Track service provider remediation plans as required to achieve desired outcomes
Chair monthly governance meetings with the MSSP to review security risks and ensure continuous improvement
People Leadership & Development (20%)
Hold weekly one-on-ones, conduct performance reviews, analyse individual KPIs and assess promotion readiness to help each contributor evolve in their roles
Drive team mobilisation by regularly gauging team engagement and implementing appropriate means to create a transparent, collaborative and productive work environment
Identify current gaps within the team/department structure and work with Senior Leadership on resourcing plans
Establish the resource plan for the direct team
Establish the short term objectives for the department and ensure team\'s are engaged towards achieving the department\'s missions
Drive the Department\'s mission and vision throughout the teams
Qualifications REQUIREMENTS
Bachelor\xe2\x80\x99s degree in Computer Science, Information Security, or a related field
A minimum of 10 years experience in Information Security, Security Operations, or IT operations
A minimum of 5 years experience of direct people leadership experience
Experience with Public Cloud (AWS, Google)
Strong experience with corporate security technologies such as firewalls, anti-virus software, End-Point Detect & Respond (EDR), Data Leakage Prevention (DLP), Security Incident & Event Management (SIEM) solutions, etc.
Experience with various forensic log artefacts found in SIEM logs, web server logs, AV logs, protection logs such as HIDS and NIDS logs
Experience with Information Security Industry Standards (ISO27001, SOC3, CSA) and audits
Experience with scripting automation is an asset
Familiarity with global privacy laws such as GDPR, CCPA, China PIPL, etc. is highly desirable
SKILLS
Ability to evaluate risk and provide operational strategies and response based on risk to SSENSE
Ability to manage and grow a team of internal personnel and external partners
Ability to communicate technical concepts and complexity to all types of audiences
Ability to comply with regulatory requirements
Strong collaboration and influencing skills
High work ethic and results-oriented
High sense of accountability and ownership
Solution-oriented mindset and can-do attitude to overcome challenges
Ability to thrive in a fast-paced environment and master frequently changing technologies and techniques
Ability to lead a project from initial conceptual stages through to completion
Additional Information WORLD CLASS TECHNOLOGY Technology is at the core of everything we do at SSENSE. Driven by an engineering mindset and a problem-solving attitude, we blend fashion with technology to deliver an unparalleled experience to our customers as we build seamless, custom solutions to deliver the SSENSE offering. WORLD CLASS TEAM The SSENSE tech team is responsible for an international headless commerce platform. Working in an agile environment, our squads are made up of experienced innovators in Product Management, QA, Design, DevOps, Software Development, Machine Learning, Data Engineering, and Security. Headquartered in Montreal, our technology organization has been growing at a rate of 2X year-over-year and is doubling once again in 2021 as we expand across Canada, US, and Europe. WORLD CLASS PLATFORM The SSENSE platform runs on Amazon Web Services making use of serverless microservices across web, mobile and app. Our event-source architecture already achieves over 10,000 requests / second and growing at an unmatched pace, currently unseen across the industry. Our data-driven culture of innovation empowers every product team across the tech organization to explore building, testing and learning with the latest in Machine Learning techniques. Our automated continuous improvement DevOps model (making use of both blue / green and canary deployments) results in an average of 50 production releases every day. Read more about us on our SSENSE Tech Blog.
Beware of fraud agents! do not pay money to get a job
MNCJobz.com will not be responsible for any payment made to a third-party. All Terms of Use are applicable.